What to do when you forget your master password

Forgetting your master password is one of the most stressful moments in password management. The vault that contains credentials for every account you use is inaccessible. There is no email reset. There is no customer support escalation. If you are using a zero-knowledge password manager, the company genuinely cannot help you get in — they do not hold a copy of your master password or any key that can decrypt your vault without it.

What happens next depends entirely on what you set up before this happened. Emergency access, backup codes, recovery phrases, account recovery options — all of these require prior configuration. If you configured them, recovery is possible. If you didn't, the options are limited and potentially catastrophic.

This is also the guide that should drive you to configure recovery options right now, while the vault is accessible, before you ever need this page.

The assumption 'I can reset my master password by verifying my identity with the company' does not apply to zero-knowledge providers. LastPass, Bitwarden, Keeper, Dashlane, NordPass, and Proton Pass all have architectures where the master password cannot be reset from the server side — because the server never held it. Identity verification can confirm that you own the account; it cannot decrypt the vault without the master password that was used to create the encryption key. Customer support tickets to these providers for master password recovery receive a factual 'we cannot help with this' response.

A second assumption is that the vault is accessible on currently logged-in devices even after forgetting the master password. This is partially true: most managers cache the decrypted vault locally and use biometric or PIN authentication for subsequent unlocks. If the device is still logged in and the session hasn't been invalidated, you may be able to export the vault from a currently authenticated session even though you cannot authenticate from a new device.

A third assumption is that this situation is rare. It is not. Master password recovery is one of the most common support requests across all password manager providers — even though the support team cannot fulfil it. Planning for this scenario is more realistic than assuming it won't happen.

If you are currently locked out and your vault is inaccessible: check every device that has ever had the manager installed — a device that remains authenticated may allow vault export. Check whether you configured emergency access — if so, your designated contact can request access after the waiting period. Check for recovery phrases — NordPass and Proton Pass provide recovery phrases at setup; if you saved it, vault access can be restored. Check for SMS account recovery options — LastPass offers this. If none of these apply and no devices are authenticated, the vault is inaccessible permanently.

If you have successfully accessed the vault and want to prevent this situation recurring: change the master password to something more memorable (a passphrase of 5-6 random words is both memorable and secure). Store the passphrase in multiple physically secure locations — paper in a safe, sealed envelope with a solicitor, or with a trusted contact. Configure emergency access if your provider supports it. Write a calendar reminder to verify your master password monthly — the habit of typing it prevents the forgetting.

For providers without emergency access (Dashlane, NordPass, Proton Pass): the recovery phrase or code provided at setup is the only non-master-password path. For NordPass and Proton Pass specifically, losing both the master password and the recovery phrase is permanent — there is no recovery path. Treat the recovery phrase as a second master password and store it with equivalent care.

Recovery options described here reflect the features available as of 2024. Providers update their recovery mechanisms; check current documentation for the latest options. Some providers have added recovery features over time — NordPass and Proton Pass may expand emergency access options in future releases.